        int     pw_uid;       /* user-ID */
        int     pw_gid;       /* group-ID */
        int     pw_quota;     /* BSD-only; not used */
        char    *pw_age;      /* System V-only; password */
        char    *pw_comment;  /* not used */
        char    *pw_gecos;    /* miscellany */
        char    *pw_dir;      /* login-directory */
        char    *pw_shell;    /* shell */
    };

(The order of the elements in this structure might be different on your Unix system, but
their names are as shown above.) Both functions return a pointer to a passwd structure
that has been filled in with the values from the matching entry in the /etc/passwd file,
or a NULL pointer if the entry is not found. The getpwuid function searches for a
matching user ID, and getpwnam searches for a matching login name.

We'll encounter these two functions in the later chapters that cover line printer
access, remote command execution, and remote login. The getpwnam function is used,
for example, when your login name is passed from a client to a server. The reason for
using the name, instead of the user ID, is that you can have different user IDs on the
different systems on which you have a valid account. Therefore, the client has to obtain
your login name by

    struct passwd *pwd;

    pwd = getpwuid(getuid());

The server then uses getpwnam to turn the name into your user ID.

Shadow Passwords

System V Release 3.2 introduced shadow passwords. This feature stores the encrypted
passwords in a separate file, /etc/shadow, and the encrypted-password field in the
/etc/passwd file is set to an asterisk. The new shadow file, /etc/shadow, is set so
that only the superuser can read the file, and the original /etc/passwd file remains
readable by anyone.

The problem with the original password file scheme is that even with a one-way
encryption algorithm for the password field, intruders were taking copies of the
/etc/passwd file and using common words as guesses. Since many users set their
passwords to common words (their family names, common computer terms, common
words backwards, and the like) a brute force search would often find passwords.

Another feature that was introduced with shadow passwords is password aging.
This allows the system administrator to specify both the minimum and maximum number
of days between password changes for a user.

... the group ID of the owner of this file. A program with this special ...
set-group-ID program. Like the set-user-ID feature, this provides
additional permissions to users while the set-group-ID program is being executed.

We'll encounter all four of these IDs when we discuss the security aspects of
network programming.

Superuser

User ID zero is special: it identifies the superuser. The login name for the superuser is
usually root. The superuser is allowed unrestricted access to files and additional
permissions over other processes. For example, the superuser can terminate any other process
on the system, a privilege not available to other user IDs.

A process with an effective user ID of zero is termed a superuser process. When a
system function is said to be "restricted to the superuser" this means that the process
must have an effective user ID of zero to do the specified operation.

Password File 

Each line in the /etc/passwd file has the following format:

    login-name:encrypted-password:user-ID:group-ID:miscellany:login-directory:shell

There are seven fields, separated from each other by colons. The login-name is the name
you enter in response to the login: prompt when logging on to the system. This field is
sometimes called the username. The encrypted-password field can be empty, in which
case you are not prompted for a password. Since the passwords in this file are encrypted,
this file is always readable by anyone. The user-ID and group-ID fields are the numeric
values described above. The login-directory specifies your initial current working
directory. The shell is the program that is invoked when you log in.
All these fields are described in more detail in ...

    root:»7*lmVqMxG14g:0:10:The Superuser:/:/bin/ksh
    stevens:u0ud5eOq2MpaZ:224:5:Richard Stevens:/usrl/stevens:/bin/ksh
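
A line-by-line check of the seven-field format above, as an added example that is not from the original text: it flags an empty password field, an encrypted password still stored in the world-readable file instead of a placeholder, and a user ID of zero under a login name other than root. The function and flag names are this example's own, and accepting `x` as a placeholder alongside the asterisk is an assumption based on what many current systems write.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define PW_NFIELDS 7
/* Finding flags; these names belong to this example, not to any library. */
enum { PW_MALFORMED = 1, PW_EMPTY_PASSWORD = 2, PW_HASH_EXPOSED = 4, PW_EXTRA_SUPERUSER = 8 };

/* Split a line in place on ':'. Unlike strtok(), empty fields are kept. */
static int split_fields(char *line, char *f[PW_NFIELDS])
{
    int n = 0;
    line[strcspn(line, "\n")] = '\0';          /* drop a trailing newline */
    for (char *p = line; n < PW_NFIELDS; n++) {
        f[n] = p;
        if ((p = strchr(p, ':')) == NULL)
            return n + 1;                      /* number of fields found */
        *p++ = '\0';
    }
    return PW_NFIELDS + 1;                     /* more than seven fields */
}

/* Audit one line; returns a bitmask of the flags above, 0 if nothing to report. */
int audit_passwd_line(const char *text)
{
    char buf[512], *f[PW_NFIELDS], *end;
    int flags = 0;
    if (strlen(text) >= sizeof buf)
        return PW_MALFORMED;
    if (split_fields(strcpy(buf, text), f) != PW_NFIELDS || f[0][0] == '\0')
        return PW_MALFORMED;
    long uid = strtol(f[2], &end, 10);
    if (end == f[2] || *end != '\0' || uid < 0)
        return PW_MALFORMED;
    if (f[1][0] == '\0')
        flags |= PW_EMPTY_PASSWORD;            /* login asks for no password */
    else if (strcmp(f[1], "*") != 0 && strcmp(f[1], "x") != 0)
        flags |= PW_HASH_EXPOSED;              /* not shadowed; "x" is an assumption */
    if (uid == 0 && strcmp(f[0], "root") != 0)
        flags |= PW_EXTRA_SUPERUSER;           /* user ID zero under another name */
    return flags;
}

int main(void)
{
    /* Constructed sample lines, not taken from any real system. */
    const char *sample[] = { "guest::200:5:Guest:/tmp:/bin/sh", "toor:*:0:10:Alt:/:/bin/sh" };
    for (int i = 0; i < 2; i++)
        printf("%d  %s\n", audit_passwd_line(sample[i]), sample[i]);
    return 0;
}
```

To audit a real file, read it with fgets() and pass each line to audit_passwd_line(); the trailing newline is stripped before the fields are split.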

The standard C library provides two functions to search the /etc/passwd file, looking
for a matching user ID or login name.

    #include <pwd.h>

    struct passwd *getpwuid(int uid);

    struct passwd *getpwnam(char *name);

The include file <pwd.h> defines a structure with the following elements:

    struct passwd {
        char    *pw_name;     /* login-name */
        char    *pw_passwd;   /* encrypted-password */